CVE-2023-4283

Summary

CVE-2023-4283 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the EmbedPress plugin for WordPress. This issue, present in versions up to 3.8.2, stems from insufficient input sanitization and output escaping on user-supplied attributes within the 'embedpress_calendar' shortcode. Consequently, authenticated attackers with contributor-level permissions and above can inject malicious web scripts, which are then executed whenever a user accesses an infected page. This vulnerability could potentially lead to unintended website behavior, unauthorized access, or data theft. Users are strongly advised to update their EmbedPress plugin to the latest version or consider disabling the 'embedpress_calendar' shortcode as a temporary measure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.